An efficient, dynamic and trust preserving public key infrastructure

Nested certification is a methodology for efficient certificate path verification. Nested certificates can be used together with classical certificates in Public Key Infrastructures (PKIs). Such a PKI, called a nested certificate based PKI (NPKI), is proposed as an alternative to the classical PKI. The NPKI formation model is a transition from an existing PKI, carried out by issuing nested certificates. As a result, efficiently verifiable nested certificate paths can be extracted instead of classical certificate paths. NPKI is a dynamic system in which several authorities are involved in adding a new user. This uses the authorities' idle time to the benefit of the verifiers. We analyze the trade-off between the nested certification overhead and the time improvement in certificate path verification. This trade-off is acceptable in order to generate quickly verifiable certificate paths. Moreover, the PKI-to-NPKI transition preserves the existing hierarchy and trust relationships in the PKI, so it can be used for strictly hierarchical PKIs.
